1. Technical Field
The present invention relates to security in a network computer environment. More specifically, the present invention relates to security in computer networks which use several TCP/IP ports.
2. Description of Related Art
As applications become increasingly net-centric, myriad TCP/IP ports are tapped to provide various functions undreamed of only a few years ago. Numerous applications now communicate via obscure, but dedicated, TCP/IP ports and accordingly, provisions must be made within each system to allow connections upon these ports as warranted. If this increase in port nomenclature and usage were not enough to confound security, the boundaries between "secured" and "unsecured" are becoming more difficult to fathom as well, as the old model of a bastion firewall marking the border between a hostile outside and a benign corporate environment is increasingly outmoded.
This blurring of the lines can be demonstrated firstly by the incorporation of multiple web-servers, and even multiple domains, within the "secure" side of organizational firewalls. As outsiders are permitted electronic entry into an organization through designated TCP/IP ports, the old "outside-is-dangerous, inside-is-safe" model breaks down. Furthermore, organizations are increasingly subject to multiple levels of security even within their firewalls; examples of this are school districts, which need deterrents not only from the outside world, but also between the student-accessible computers and the administrative computers housing grades and student records.
It is clear that old security paradigms based upon a singular, well-controlled entry point into an organization now solve only part of the problem. It is also apparent that new security methods must be developed to safeguard systems as individual entities, given this new level of complexity inherent in system models.
First, because of the ambiguities about which subnetworks, machines and directory structures are safe and which are not, the solution should reside on the individual systems themselves. Second, because each system is tasked with primary job responsibilities, it is of great importance that it not be loaded with CPU-intensive processes in monitoring port usage upon its own system. Minimizing the impact of such a monitoring tool upon any jobs running on the targeted system is paramount. Security must not be accompanied by a significant reduction in the performance of the host systems.
Currently, solutions exist only at the firewall, with the limitations described above, or at the host level, with heavy demands upon the resources of the target system. Therefore, a port monitoring method that can be implemented on the individual client computers in a network, but does not add an undue processing burden, would be desirable.
The present invention provides a method for monitoring incoming data from an external computer network. The invention comprises polling all active port connections in a data processing system at regular intervals and comparing these connections to a table of authorized ports and IP addresses. Any unauthorized connections are logged and a network administrator is notified. The present invention can be implemented on clients within a computer network.
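The following is an added illustration of the monitoring loop summarized above; it is example code written for this page, not the invention's own implementation. It assumes a table mapping each authorized local port to the remote networks allowed to connect, a snapshot function that enumerates the host's active connections (a constructed, in-memory snapshot stands in for a real one so the example runs offline; on a live host the same `Connection` records could be built from `psutil.net_connections(kind="inet")`), and a notification callback supplied by the administrator. Only established connections are checked, and each violation is reported once, to keep the per-poll cost on the host low.

```python
"""Host-based port monitor: poll active connections at a fixed interval,
compare them against an authorization table, log and report violations.
Added example; names, table contents and sample data are hypothetical."""
import ipaddress
import logging
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List

log = logging.getLogger("portmon")


@dataclass(frozen=True)
class Connection:
    """One active socket as seen on the monitored host."""
    local_port: int
    remote_ip: str
    remote_port: int
    status: str  # e.g. "ESTABLISHED" or "LISTEN"


# Authorization table (hypothetical): local port -> networks permitted to
# connect to it. A port absent from the table is never authorized.
AUTHORIZED_TABLE = {
    22: ["10.0.0.0/8"],            # SSH only from the internal range
    443: ["0.0.0.0/0"],            # public HTTPS service
    3306: ["10.1.2.0/24"],         # database reachable from one app subnet
}


def compile_table(table: Dict[int, List[str]]):
    """Parse the network strings once so each poll only does membership tests."""
    return {port: [ipaddress.ip_network(n) for n in nets] for port, nets in table.items()}


def is_authorized(conn: Connection, table) -> bool:
    nets = table.get(conn.local_port)
    if nets is None:
        return False
    addr = ipaddress.ip_address(conn.remote_ip)
    return any(addr in net for net in nets)


def find_unauthorized(connections: Iterable[Connection], table) -> List[Connection]:
    """Return established connections that the table does not permit.
    Listening sockets have no peer, so they are skipped."""
    return [c for c in connections if c.status == "ESTABLISHED" and not is_authorized(c, table)]


def format_alert(hostname: str, violations: List[Connection]) -> str:
    lines = [f"{hostname}: {len(violations)} unauthorized connection(s)"]
    for v in violations:
        lines.append(f"  local port {v.local_port} <- {v.remote_ip}:{v.remote_port}")
    return "\n".join(lines)


def poll(snapshot_fn: Callable[[], Iterable[Connection]], table, *, hostname: str,
         notify: Callable[[str], None], interval: float = 5.0, iterations: int = 1) -> int:
    """Run the polling loop for `iterations` rounds. Returns the number of
    distinct violations reported. Each violation is logged and reported once."""
    reported = set()
    total = 0
    for _ in range(iterations):
        new = [v for v in find_unauthorized(snapshot_fn(), table) if v not in reported]
        if new:
            for v in new:
                log.warning("unauthorized connection: port %d from %s:%d",
                            v.local_port, v.remote_ip, v.remote_port)
                reported.add(v)
            notify(format_alert(hostname, new))
            total += len(new)
        if interval:
            time.sleep(interval)
    return total


# Constructed snapshot standing in for a live enumeration of host sockets.
SAMPLE_SNAPSHOT = [
    Connection(22, "10.5.6.7", 51022, "ESTABLISHED"),        # authorized
    Connection(443, "203.0.113.9", 40001, "ESTABLISHED"),    # authorized (any source)
    Connection(3306, "198.51.100.4", 33000, "ESTABLISHED"),  # wrong source subnet
    Connection(8080, "10.9.9.9", 50000, "ESTABLISHED"),      # port not in the table
    Connection(8080, "0.0.0.0", 0, "LISTEN"),                # listener, ignored
]


def demo() -> int:
    """Two polls over the same snapshot; the second must not re-alert."""
    table = compile_table(AUTHORIZED_TABLE)
    alerts: List[str] = []
    n = poll(lambda: SAMPLE_SNAPSHOT, table, hostname="host-a",
             notify=alerts.append, interval=0, iterations=2)
    assert len(alerts) == 1
    return n


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("violations reported:", demo())
```

The authorization check is a dictionary lookup plus a few network-membership tests per established socket, and violations already reported are remembered so repeated polls of a long-lived unauthorized connection do not generate repeated notifications; both choices keep the monitor's footprint on the host small, which the text above treats as a requirement.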